Selecting the right Third-Party Risk Management (TPRM) platform for sustainability due diligence
Supply chain due diligence is essential. Regulations like the EU Batteries Regulation (EUBR) and the Corporate Sustainability Due Diligence Directive (CSDDD) explicitly require companies to assess, mitigate, and report on risks in their supply chains. This means building a process that fits the business’ needs and meets compliance requirements.
Using technology to automate this process, such as a TPRM platform, can remove much of the administrative burden and inefficiencies of a manual process. However, choosing the right platform is critical, because simply purchasing an ‘off-the-shelf’ solution may not be the quick fix to efficiency and compliance it can appear to be…
Why an ‘off-the-shelf’ TPRM platform isn’t always the best solution
Many companies fall into the trap of selecting a pre-packaged TPRM system, assuming it will immediately automate their due diligence process. However, these platforms are typically designed with generic workflows that may not align with a company’s specific due diligence requirements, supply chain footprint, operational structures, or risk exposure.
Challenges of off-the-shelf TPRM platforms:
- Rigid workflows: Pre-built systems often dictate how due diligence should be conducted, forcing companies to modify their internal processes to fit the system rather than the other way around.
- Limited customisation: Many platforms have fixed risk assessment criteria and reporting structures that may not align with industry-specific or company-specific sustainability goals.
- Scalability issues: As regulatory requirements continue to evolve, an off-the-shelf platform may not adapt without costly additional development.
- Integration challenges: These systems may not seamlessly integrate with a company’s existing procurement or compliance systems, creating sustainability silos rather than streamlined workflows.
Rather than selecting a TPRM platform first and adapting internal processes to fit, businesses should develop a management system and due diligence model that aligns with their specific needs before selecting a technology solution. This approach ensures that the technology serves the business and not the other way around.
Steps to a tailored TPRM approach:
- Map your due diligence process – Define your company’s existing sustainability risk management framework, including risk assessment, mitigation, escalation, and reporting.
- Identify regulatory requirements – Ensure your model aligns with CSDDD, EUBR, and other relevant standards to maintain compliance.
- Assess internal needs and gaps – Identify where technology could enhance efficiency without overriding well-functioning processes. Do this by gathering a wide range of perspectives from people across the business who will have a role in the due diligence process or in parallel processes, such as HR, technology, procurement, risk management, legal and compliance, and supplier relationship management.
- Select a flexible TPRM platform – Choose a system that can be customised or configured to fit your management system, rather than forcing your business to fit the software.
- Pilot and iterate – Test the system with a subset of suppliers and refine it before full-scale implementation.
By taking these steps first, you can configure a system to your needs, or select a customised system based on the process flows set by your risk management criteria and sustainability goals. You will also reduce non-compliance risk by designing due diligence workflows in line with legal requirements before selecting a tool. This approach avoids disruption to the business because it fits into existing workflows, and it gives greater adaptability to regulatory changes and emerging risks.
CASE STUDY: an international mining company
An international mining company with assets in Europe and Africa needed to introduce a due diligence process to manage increasing regulatory requirements and risks from suppliers involved in human rights and environmental impacts. The procurement team had tendered for a TPRM system to help but hadn’t built a due diligence process, so they received a wide variety of solutions and prices and did not know which system to choose. As a result, they wisely cancelled the tender and asked our team for support.
We developed and piloted a due diligence process for the company that met regulatory and risk management needs. We did this by consulting widely with stakeholders across the business and establishing a framework with clear corporate and asset-level responsibilities, developing workflows and tools, and providing training. Once the process was developed, we drafted a technical specification for a TPRM system so that the business could procure a custom system designed around their needs.
Off-the-shelf can still be the right choice
For companies with simpler supply chains or limited sustainability due diligence needs, an off-the-shelf TPRM system can be a viable option if your due diligence process is designed around the platform’s capabilities. This approach is useful for:
- Small or medium-sized enterprises (SMEs) with lower-risk supplier networks.
- Companies needing a quick solution for basic compliance requirements.
- Organisations that lack the resources for customised system development but can align their processes with a pre-built system.
Design, customise, implement…
Selecting a TPRM platform is a strategic decision that should be based on business needs, regulatory obligations, and operational realities. Rather than adapting business processes to fit an off-the-shelf system, companies should first design a due diligence framework and then choose a TPRM platform that supports and enhances it. This ensures compliance, efficiency, and scalability in an evolving regulatory landscape.
For businesses with more basic needs, an off-the-shelf solution can work but only if the due diligence process is carefully structured around the system’s capabilities.
If your organisation wants to implement a TPRM system that truly fits your sustainability due diligence needs, start by mapping out your requirements and selecting a system that adapts to your business – not the other way around.
Need guidance? Contact our team to discuss how to build a sustainability-focused TPRM strategy that works for you.